[Samba] Winbind and getent issues

Jeremy Farrar jeremy.farrar at gmail.com
Tue May 11 14:29:08 MDT 2010


I am currently setting up a cluster of Samba servers using DRBD and CTDB. I
have gotten the DRBD and CTDB configured on my cluster. I have configured
Samba and Winbind to join my active directory domain. Right now I am
struggling to get authentication through Winbind to work. My /var/log/secure
file looks like my system is not even trying to authenticate against AD.

wbinfo -u works great as does wbinfo -g. I am able to successfully
authenticate with wbinfo -a [Username]%[Password]. getent password and
getent group do not function.

I checked the following links based upon documentation I have read.

ls -la /lib | grep winbind
lrwxrwxrwx  1 root root      24 May 11 14:52 libnss_winbind.so -> /lib64/libnss_winbind.so
lrwxrwxrwx  1 root root      24 May 11 14:52 libnss_winbind.so.2 -> /lib64/libnss_winbind.so

Any help would be greatly appreciated. Thanks.

Here is a copy of my nsswitch.conf

passwd:     files winbind
shadow:     files winbind
group:      files winbind

hosts:      files dns

bootparams: nisplus [NOTFOUND=return] files

ethers:     files
netmasks:   files
networks:   files
protocols:  files winbind
rpc:        files winbind
services:   files

netgroup:   files

publickey:  nisplus

automount:  files
aliases:    files nisplus

Here is a copy of my smb.conf

[global]
   server string = %h
   workgroup = [DOMAIN]
   netbios name = stlnas
   password server = [DOMAIN CONTROLLER]
   realm = [DOMAIN].LOCAL
   security = ads
   idmap backend = tdb
   private dir = /[DOMAIN]/ctdb
   idmap uid = 10000-200000
   idmap gid = 10000-200000
   template shell = /bin/bash
   template homedir = /[DOMAIN]/home/%U
    template homedir = /home/[DOMAIN]/%U
   winbind uid = 10000-200000
   winbind gid = 10000-200000
   winbind trusted domains only = no
   winbind use default domain = true
   winbind offline logon = false
   winbind enum users = yes
   winbind enum groups = yes
   obey pam restrictions = yes
   printcap name = /etc/printcap
   clustering = yes
    max log size = 50
    disable netbios = yes
   passdb backend = tdbsam
#============================ Share Definitions ==============================

[homes]
    comment = Home Directories
    path = /[DOMAIN]/home
    browseable = no
    writable = yes
    acl check permissions = True
    nt acl support = yes
    ea support = yes
    acl map full control = True
    map acl inherit = yes
    inherit acls = yes
    vfs object = mysql_audit
        mysql_audit:host=mysql1.[DOMAIN].local
        mysql_audit:user=smbd
        mysql_audit:pass=password
        mysql_audit:name=smbd
        mysql_audit:port=3306


[[DOMAIN]]
    comment = All Shared Folders
    path = /[DOMAIN]
    copy = homes
    admin users = "[DOMAIN]\[USERNAME]"

Here is my /etc/pam.d/samba:
#%PAM-1.0
auth       required    pam_nologin.so
auth       sufficient   pam_winbind.so
auth       include    system-auth
account    include    system-auth
account    required     pam_winbind.so
session    include    system-auth
password   include    system-auth
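
An added example, not part of the original post: a small audit of the NSS side of this setup, which is the part getent exercises and wbinfo bypasses. It parses a subset of the nsswitch.conf entries quoted above and checks them against the databases libnss_winbind serves (passwd and group) and the database names glibc's getent accepts. The function names parse_nsswitch and audit are hypothetical.

```python
import re

# Databases that libnss_winbind answers; listing it elsewhere has no effect.
WINBIND_DATABASES = {"passwd", "group"}
# Database names accepted by glibc's getent(1).
GETENT_DATABASES = set(
    "ahosts ahostsv4 ahostsv6 aliases ethers group gshadow hosts initgroups "
    "netgroup networks passwd protocols rpc services shadow".split())

# Subset of the nsswitch.conf entries copied from the post.
NSSWITCH = """\
passwd:     files winbind
shadow:     files winbind
group:      files winbind
hosts:      files dns
bootparams: nisplus [NOTFOUND=return] files
protocols:  files winbind
rpc:        files winbind
services:   files
"""

def parse_nsswitch(text):
    """Return {database: [sources]}, ignoring comments and [STATUS=action] items."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        db, rest = line.split(":", 1)
        table[db.strip()] = re.sub(r"\[[^\]]*\]", " ", rest).split()
    return table

def audit(table, getent_args):
    """List NSS findings for a parsed nsswitch.conf and the getent databases queried."""
    findings = []
    for db in sorted(WINBIND_DATABASES):
        if "winbind" not in table.get(db, []):
            findings.append(f"{db}: winbind is not a source, AD entries will not resolve")
    for db, sources in sorted(table.items()):
        if "winbind" in sources and db not in WINBIND_DATABASES:
            findings.append(f"{db}: winbind listed, but libnss_winbind does not serve it")
    for arg in getent_args:
        if arg not in GETENT_DATABASES:
            findings.append(f"getent {arg}: not a getent database name")
    return findings

if __name__ == "__main__":
    # Database names as the post writes them: "getent password", "getent group".
    print("\n".join(audit(parse_nsswitch(NSSWITCH), ["password", "group"])))
```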

